github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/docs/source/clientconfig.rst (about)

     1  Fabric-CA Client's Configuration File
     2  ======================================
     3  
     4  ::
     5  
     6      
     7      #############################################################################
     8      #   This is a configuration file for the fabric-ca-client command.
     9      #
    10      #   COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
    11      #   ------------------------------------------------
    12      #   Each configuration element can be overridden via command line
    13      #   arguments or environment variables.  The precedence for determining
    14      #   the value of each element is as follows:
    15      #   1) command line argument
    16      #      Examples:
    17      #      a) --url https://localhost:7054
    18      #         To set the fabric-ca server url
    19      #      b) --tls.client.certfile certfile.pem
    20      #         To set the client certificate for TLS
    21      #   2) environment variable
    22      #      Examples:
    23      #      a) FABRIC_CA_CLIENT_URL=https://localhost:7054
    24      #         To set the fabric-ca server url
    25      #      b) FABRIC_CA_CLIENT_TLS_CLIENT_CERTFILE=certfile.pem
    26      #         To set the client certificate for TLS
    27      #   3) configuration file
    28      #   4) default value (if there is one)
    29      #      All default values are shown beside each element below.
    30      #
    31      #   FILE NAME ELEMENTS
    32      #   ------------------
    33      #   The value of all fields whose name ends with "file" or "files" are
    34      #   name or names of other files.
    35      #   For example, see "tls.certfiles" and "tls.client.certfile".
    36      #   The value of each of these fields can be a simple filename, a
    37      #   relative path, or an absolute path.  If the value is not an
    38      #   absolute path, it is interpretted as being relative to the location
    39      #   of this configuration file.
    40      #
    41      #############################################################################
    42      
    43      #############################################################################
    44      # Client Configuration
    45      #############################################################################
    46      
    47      # URL of the Fabric-ca-server (default: http://localhost:7054)
    48      url: <<<URL>>>
    49      
    50      # Membership Service Provider (MSP) directory
    51      # This is useful when the client is used to enroll a peer or orderer, so
    52      # that the enrollment artifacts are stored in the format expected by MSP.
    53      mspdir:
    54      
    55      #############################################################################
    56      #    TLS section for secure socket connection
    57      #
    58      #  certfiles - PEM-encoded list of trusted root certificate files
    59      #  client:
    60      #    certfile - PEM-encoded certificate file for when client authentication
    61      #    is enabled on server
    62      #    keyfile - PEM-encoded key file for when client authentication
    63      #    is enabled on server
    64      #############################################################################
    65      tls:
    66        # TLS section for secure socket connection
    67        certfiles:
    68        client:
    69          certfile:
    70          keyfile:
    71      
    72      #############################################################################
    73      #  Certificate Signing Request section for generating the CSR for
    74      #  an enrollment certificate (ECert)
    75      #
    76      #  cn - Used by CAs to determine which domain the certificate is to be generated for
    77      #  names -  A list of name objects. Each name object should contain at least one
    78      #  "C", "L", "O", "OU", or "ST" value (or any combination of these). These values are:
    79      #      "C": country
    80      #      "L": locality or municipality (such as city or town name)
    81      #      "O": organisation
    82      #      "OU": organisational unit, such as the department responsible for owning the key;
    83      #      it can also be used for a "Doing Business As" (DBS) name
    84      #      "ST": the state or province
    85      #  hosts - A list of space-separated host names which the certificate should be valid for
    86      #
    87      #  NOTE: The serialnumber field below, if specified, becomes part of the issued
    88      #  certificate's DN (Distinguished Name).  For example, one use case for this is
    89      #  a company with its own CA (Certificate Authority) which issues certificates
    90      #  to its employees and wants to include the employee's serial number in the DN
    91      #  of its issued certificates.
    92      #
    93      #  WARNING: This serialnumber field should not be confused with the certificate's
    94      #  serial number which is set by the CA but is not a component of the
    95      #  certificate's DN.
    96      #############################################################################
    97      csr:
    98        cn: <<<ENROLLMENT_ID>>>
    99        serialnumber:
   100        names:
   101          - C: US
   102            ST: North Carolina
   103            L:
   104            O: Hyperledger
   105            OU: Fabric
   106        hosts:
   107          - <<<MYHOST>>>
   108        ca:
   109          pathlen:
   110          pathlenzero:
   111          expiry:
   112      
   113      #############################################################################
   114      #  Registration section used to register a new identity with fabric-ca server
   115      #
   116      #  name - Unique name of the identity
   117      #  type - Type of identity being registered (e.g. 'peer, app, user')
   118      #  affiliation - The identity's affiliation
   119      #  maxenrollments - The maximum number of times the secret can be reused to enroll.
   120      #                   Specially, -1 means unlimited; 0 means disabled
   121      #  attributes - List of name/value pairs of attribute for identity
   122      #############################################################################
   123      id:
   124        name:
   125        type:
   126        affiliation:
   127        maxenrollments: -1
   128        attributes:
   129         # - name:
   130         #   value:
   131      
   132      #############################################################################
   133      #  Enrollment section used to enroll an identity with fabric-ca server
   134      #
   135      #  profile - Name of the signing profile to use in issuing the certificate
   136      #  label - Label to use in HSM operations
   137      #############################################################################
   138      enrollment:
   139        profile:
   140        label:
   141      
   142      #############################################################################
   143      # Name of the CA to connect to within the fabric-ca server
   144      #############################################################################
   145      caname:
   146      
   147      #############################################################################
   148      # BCCSP (BlockChain Crypto Service Provider) section allows to select which
   149      # crypto implementation library to use
   150      #############################################################################
   151      bccsp:
   152          default: SW
   153          sw:
   154              hash: SHA2
   155              security: 256
   156              filekeystore:
   157                  # The directory used for the software file-based keystore
   158                  keystore: msp/keystore